UbuntuUpdates.org

Package "php7.4"

Name: php7.4

Description:

server-side, HTML-embedded scripting language (metapackage)

Latest version: 7.4.3-4ubuntu2.2
Release: focal (20.04)
Level: security
Repository: main
Homepage: http://www.php.net/

Links


Download "php7.4"


Other versions of "php7.4" in Focal

Repository Area Version
base universe 7.4.3-4ubuntu1
base main 7.4.3-4ubuntu1
security universe 7.4.3-4ubuntu2.2
updates main 7.4.3-4ubuntu2.2
updates universe 7.4.3-4ubuntu2.2

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 7.4.3-4ubuntu2.2 2020-05-27 20:06:58 UTC

  php7.4 (7.4.3-4ubuntu2.2) focal-security; urgency=medium

  * SECURITY UPDATE: Denial of service through oversized memory allocated
    - debian/patches/CVE-2019-11048.patch: changes types int to size_t
      in main/rfc1867.c.
    - CVE-2019-11048

 -- <email address hidden> (Leonidas S. Barbosa) Tue, 26 May 2020 09:24:22 -0300

Source diff to previous version
CVE-2019-11048 In PHP versions 7.2.x below 7.2.31, 7.3.x below 7.3.18 and 7.4.x below 7.4.6, when HTTP file uploads are allowed, supplying overly long filenames or

Version: 7.4.3-4ubuntu1.1 2020-05-06 13:09:18 UTC

  php7.4 (7.4.3-4ubuntu1.1) focal-security; urgency=medium

  * SECURITY UPDATE: Read one byte of uninitialized memory
    - debian/patches/CVE-2020-7064.patch: check length in
      exif_process_TIFF_in_JPEG to avoid read uninitialized memory
      ext/exif/exif.c, ext/exif/tests/bug79282.phpt.
    - CVE-2020-7064
  * SECURITY UPDATE: Memory corruption, crash and potentially code execution
    - debian/patches/CVE-2020-7065.patch: make sure that negative values are
      properly compared in ext/mbstring/php_unicode.c,
      ext/mbstring/tests/bug70371.phpt.
    - CVE-2020-7065
  * SECURITY UPDATE: Truncated url due \0
    - debian/patches/CVE-2020-7066.patch: check for get_headers
      not accepting \0 in ext/standard/url.c.
    - CVE-2020-7066

 -- <email address hidden> (Leonidas S. Barbosa) Tue, 05 May 2020 09:14:27 -0300

CVE-2020-7064 In PHP versions 7.2.x below 7.2.9, 7.3.x below 7.3.16 and 7.4.x below 7.4.34, while parsing EXIF data with exif_read_data() function, it is possible
CVE-2020-7065 In PHP versions 7.3.x below 7.3.16 and 7.4.x below 7.4.34, while using mb_strtolower() function with UTF-32LE encoding, certain invalid strings could
CVE-2020-7066 In PHP versions 7.2.x below 7.2.9, 7.3.x below 7.3.16 and 7.4.x below 7.4.34, while using get_headers() with user-supplied URL, if the URL contains z



About   -   Send Feedback to @ubuntu_updates